Methods, systems, and computer program products for enhancing internet security for network subscribers

ABSTRACT

A network communication system includes a connection server that assigns a network address within a data communication network to a subscriber terminal. The connection server receives outgoing communications from the subscriber terminal and transmits the outgoing communications to a network access point and receives incoming communications from the network access point and transmits the incoming communications to the subscriber terminal. The connection server intercepts a tracking cookie received from a remote server in the data communications network and intended for the subscriber terminal and stores the tracking cookie at the connection server so that the tracking cookie can be used to support a communication session between the subscriber terminal and the remote server without the tracking cookie being stored at the subscriber terminal.

BACKGROUND

The present disclosure relates to communications networks, and, moreparticularly, to enhancing the security and/or privacy of networkcommunications for subscribers to a network service.

Communications networks are widely used for nationwide and worldwidecommunication of voice, multimedia and/or data. As used herein,communications networks include public communications networks, such asthe Public Switched Telephone Network (PSTN), terrestrial and/orsatellite cellular networks and/or the Internet.

The Internet is a decentralized network of computers that cancommunicate with one another via Internet Protocol (IP). The Internetincludes the World Wide Web (WWW) service facility, which is aclient/server-based facility that includes a large number of servers(computers connected to the Internet) on which Web pages, applicationsand/or files reside, as well as clients (Web browsers), which interfaceusers with the remote servers. Specifically, Web browsers and softwareapplications send a request over the WWW to a server, requesting a Webpage identified by a Uniform Resource Locator (URL), which notes boththe server where the Web page resides and the file or files on thatserver which make up the Web page. The request includes the IP addressof the client. The server then sends a copy of the requested file(s) tothe IP address associated with the client, and the Web browser at theclient terminal displays the Web page to the user. Other types ofinteraction are possible. For example, a file can be requested from aremote file server, data can be requested from an application on aremote server, etc. In any such exchange, the remote server must besupplied with an address to which the response should be sent.

The topology of the World Wide Web can be described as a network ofnetworks, with providers of network services called Network ServiceProviders, or NSPs, or Internet Service Providers (ISPs). Servers thatprovide application-layer services may be referred to as ApplicationService Providers (ASPs). Sometimes a single service provider providesboth functions.

Considering the public accessibility of the Web, individuals, groups,and organizations may be concerned with privacy and the protection ofsensitive and/or private information. As such, reasonable protectionsmay be used when transmitting such information over the Web. Yet, insome cases these protections may fail, and sensitive information may beundesirably stolen, lost, or otherwise disseminated so as to beobtainable by unauthorized third parties. Furthermore, it is often thecase that a user does not know who is operating the server with whichthe terminal is communicating. For example, a user seeking to download aparticular file could be redirected, via a hyperlink, to a server thatis unaffiliated with the site the user was visiting. In some cases, amalicious web server may attempt to download a virus, or other malicioussoftware to the user's terminal.

One aspect of WWW communications is that such communications are“stateless,” in that each request from a terminal at an IP address to aserver is treated as a separate request that is independent of otherrequests from the same IP address. This simplifies server design becausethe server does not need to dynamically allocate storage to deal withconversations in progress or worry about freeing it if a client dies inmid-transaction. However, because the connection is stateless, it may benecessary to include more information in each request. Furthermore, sometypes of transactions are difficult to conduct in a statelessenvironment. For example, online shopping requires the server to be ableto keep track of a customer's state from one request to the next, sothat the server can keep track of items in the customer's shopping cart,whether the customer has checked out yet, what billing information is tobe used, etc.

In order to provide state information for a WWW transaction, WWWprotocols provide for the use of “cookies,” which are strings of datathat are stored at the client terminal. A WWW server can place a cookieon a client terminal. The server keeps track of the contents of thecookie and the IP address at which it was stored. When a request is sentto the server, the cookie is sent, unchanged, to the server along withthe request. The server can thereby associate the request with asession, and provide an appropriate response to the request.

Accordingly, cookies can be used for a number of purposes, includingauthentication, session tracking (state maintenance), and maintainingspecific information about users, such as site preferences or thecontents of their electronic shopping carts. Moreover, some websites aredesigned to be highly interactive, and can only be accessed with fullfunctionality if the client is configured to accept cookies.

Cookies can also be used as a means of tracking user behavior. Forexample, a server can keep track of a user's activities by recordingthem and associating them with a cookie stored on the user's terminal.By aggregating information over time, a server can build a profile ofthe user, or at least of the behavior of those users that use aparticular terminal. In many cases, this information can be used for thebenefit of the user, by permitting the server to provide customizedservices or offers to the user. However, this information can also beused maliciously, and can in some cases be viewed as an invasion ofprivacy. In any case, many users simply do not wish to have possiblyunknown third parties collecting information about them over theInternet.

Furthermore, many times, the associations of WWW behavior with aparticular IP address is erroneous, as the IP address of a terminal canchange over time. For example, ISPs have a pool of IP addresses that canbe dynamically assigned to terminals. A subscriber who has a laptopcomputer can be assigned one IP address when connecting to their ISP athome and another IP address when connecting at a remote location. Thus,when associations are based on IP addresses, servers can inadvertentlyassociate browsing behavior of one subscriber with another.

While cookies may only be sent to the server that set them, or one inthe same Internet domain, a Web page may contain images or othercomponents stored on servers in other domains. Cookies that are setduring retrieval of these components are called third-party cookies.Third party cookies may be particularly troublesome for some users, asthey can be used to track the actions of a user across many differentservers.

SUMMARY

A network communication system according to some embodiments includes afirst interface configured to establish a communication path with asubscriber terminal, a second interface configured to establish acommunication path with a network access point that is connected to adata communication network, and a connection server that is configuredto assign a network address within the data communication network to thesubscriber terminal. The connection server is configured to receiveoutgoing communications from the subscriber terminal and to transmit theoutgoing communications to the network access point and to receiveincoming communications from the network access point and transmit theincoming communications to the subscriber terminal. The connectionserver is further configured to intercept a tracking cookie receivedfrom a remote server in the data communications network and intended forthe subscriber terminal and to store the tracking cookie at theconnection server so that the tracking cookie can be used to support acommunication session between the subscriber terminal and the remoteserver without the tracking cookie being stored at the subscriberterminal.

The connection server may be further configured to delete the trackingcookie after a predetermined period of time.

The connection server may be further configured to release the networkaddress assigned to the subscriber terminal upon the occurrence of apredetermined event, and to delete the tracking cookie in response tothe release of the network address assigned to the subscriber terminal.

The connection server may be further configured to release the networkaddress assigned to the subscriber terminal upon the occurrence of apredetermined event, and to save the tracking cookie in response to therelease of the network address assigned to the subscriber terminal forlater use by the subscriber terminal when a new network address isassigned to the subscriber terminal.

The connection server may be further configured to intercept a requestfor the stored tracking cookie from the remote server and to provide thestored tracking cookie to the remote server in response to the request.

The connection server may be further configured to provide a notice tothe subscriber terminal of the receipt and storage of the trackingcookie and to transmit the tracking cookie to the subscriber terminal inresponse to a request for the tracking cookie from the subscriberterminal.

The connection server may be further configured to replace the networkaddress of the subscriber terminal in the outgoing communication with analias network address. The connection server may be further configuredto inspect an outgoing communication of the subscriber terminal todetermine an identity of the remote server to which the outgoingcommunication is addressed and, in response to determining the identityof the remote server, to query the subscriber terminal to determine ifthe connection server should intercept cookies from the remote server.

The connection server may be further configured to determine that theremote server is associated with malicious use of tracking cookiesand/or with identity theft.

The connection server may be further configured to intercept and rejectthird party cookies originating from servers other than the remoteserver and addressed to the subscriber terminal.

The connection server may be further configured to receive an outgoingcommunication from the subscriber terminal, to determine that theoutgoing communication is addressed to the remote server, to insert thetracking cookie into the outgoing communication, and to forward theoutgoing communication to the remote server.

Methods of providing network communication services according to someembodiments include establishing a communication path with a subscriberterminal, establishing a communication path with a network access pointthat is connected to a data communication network, and assigning anetwork address within the data communication network to the subscriberterminal. The methods further include intercepting a tracking cookiereceived from a remote server in the data communications network andintended for the subscriber terminal, and storing the tracking cookie sothat the tracking cookie can be used to support a communication sessionbetween the subscriber terminal and the remote server without thetracking cookie being stored at the subscriber terminal.

The methods may further include deleting the tracking cookie after apredetermined period of time.

The methods may further include releasing the network address assignedto the subscriber terminal upon the occurrence of a predetermined event,and deleting the tracking cookie in response to the release of thenetwork address assigned to the subscriber terminal.

The methods may further include releasing the network address assignedto the subscriber terminal upon the occurrence of a predetermined event,and saving the tracking cookie in response to the release of the networkaddress assigned to the subscriber terminal for later use by thesubscriber terminal when a new network address is assigned to thesubscriber terminal.

The methods may further include intercepting a request for the storedtracking cookie from the remote server, and providing the storedtracking cookie to the remote server in response to the request.

The methods may further include receiving an outgoing communication fromthe subscriber terminal, determining that the outgoing communication isaddressed to the remote server, inserting the tracking cookie into theoutgoing communication, and forwarding the outgoing communication to theremote server.

Other systems, methods, and/or computer program products according toexemplary embodiments will be or become apparent to one with skill inthe art upon review of the following drawings and detailed description.It is intended that all such additional systems, methods, and/orcomputer program products be included within this description, be withinthe scope of the present invention, and be protected by the accompanyingclaims.

BRIEF DESCRIPTION OF THE DRAWINGS

Other features of the present invention will be more readily understoodfrom the following detailed description of exemplary embodiments thereofwhen read in conjunction with the accompanying drawings, in which:

FIG. 1 is a block diagram that illustrates a system for enhancingnetwork security for subscribers in accordance with some embodiments.

FIG. 2 illustrates a data processing system that may be used toimplement a system for enhancing network security for subscribers inaccordance with some embodiments.

FIG. 3 is a block diagram that illustrates a software architecture for asystem for enhancing network security for subscribers in accordance withsome embodiments.

FIGS. 4 and 5 illustrate operations for enhancing network security forsubscribers in accordance with some embodiments.

FIG. 6 illustrates various types of computer readable storage media onwhich some embodiments can be stored.

DETAILED DESCRIPTION

Exemplary embodiments now will be described more fully hereinafter withreference to the accompanying figures. It should be appreciated,however, that there may be additional embodiments in many alternateforms, and this disclosure should not be construed as limited to theembodiments set forth herein.

While the embodiments described herein are susceptible to variousmodifications and alternative forms, these exemplary embodiments areshown by way of example in the drawings and will herein be described indetail. It should be understood, however, that there is no intent tolimit the invention to the particular forms disclosed, but on thecontrary, the invention is to cover all modifications, equivalents, andalternatives falling within the spirit and scope of the invention asdefined by the claims. Like reference numbers signify like elementsthroughout the description of the figures. As used herein, the term“and/or” includes any and all combinations of one or more of theassociated listed items.

Referring now to FIG. 1, an exemplary network architecture 100 forenhancing network security for network subscribers, in accordance withsome embodiments, comprises a connection server 120 that is operated bya network service provider (NSP) 130. The NSP 130 provides access to adata communications network 115. The data communications network 115 mayoperate using a communications protocol such as TCP/IP, and may, forexample, be the Internet. It will be appreciated, however, that the datacommunications network 115 can include any public and/or datacommunications network, and can operate using any communicationprotocol. The plurality of subscriber terminals 110 a, 110 b, and 110 c(collectively referred to as subscriber terminal 100) are connected to acommunications network 115 via the connection server 120. The network115 may represent a global network, such as the Internet, or otherpublicly accessible network. The network 115 may also, however,represent a wide area network, a local area network, an Intranet, orother private network, which may not be accessible by the generalpublic. Furthermore, the network 115 may represent a combination of oneor more wired and/or wireless public and/or private networks and/orvirtual private networks (VPN). In case the subscriber terminal 110 is amobile phone, the identity of the subscriber is maintained by thenetwork service provider 130 with the help of a Subscriber IdentityModule (SIM) via a 20 digit ICC-ID, while the identity of the terminal110 itself is maintained by the terminal device International MobileEquipment Identity (IMEI) number.

The connection server 120 may be embodied as one or more enterprise,application, personal, pervasive and/or embedded computing devices thatmay be interconnected by a wired and/or wireless local and/or wide areanetwork, including the Internet. In some embodiments, the connectionserver 120 may be situated in a secure location, such as the centraloffice of a communications services provider, such as the NSP 130.Although FIG. 1 illustrates an exemplary communications network, it willbe understood that the present invention is not limited to suchconfigurations, but is intended to encompass any configuration capableof carrying out the operations described herein.

The connection server 120 provides network connection services for thesubscriber terminals 110 a, 110 b and 110 c. In particular, theconnection server 120 acts as a gateway between the subscriber terminals110 a, 110 b and 110 c and a network access point 135 that is utilizedby the NSP 130 to access the data communications network 115. The NSP130 connects to the network access point 135 through a high-speed datainterface 125. In some embodiments, the network access point 135 may bepart of and/or controlled by the NSP 130.

Each of the subscriber terminals 110 a, 110 b and 110 c connects to theNSP 130 via a respective communication link 112 a, 112 b and 112 c(collectively referred to as communication link 112), that may include,for example, a cable, DSL, dial-up and/or wireless connection, viarespective interface units 115 a, 115 b and 115 c. Although threesubscriber terminals, three communication links, and three interfaceunits are shown for illustrative purposes, it should be appreciated thatthere may be any number of subscriber terminals, respectivecommunication links, and respective interface units. The connectionserver 120 can be configured to dynamically provide network addresses tothe subscriber terminals 110 a, 110 b and 110 c. For example, theconnection server 120 may be assigned a group or pool of networkaddresses that can be assigned to subscriber terminals 110 a, 110 b and110 c, and that permit the subscriber terminals 110 a, 110 b and 110 cto communicate over the data communications network 115. Networkaddresses can be leased to the subscriber terminals 110 a, 110 b and 110c for a limited time duration. Furthermore, network addresses can bereleased by the connection server upon the occurrence of certain events,such as the disconnection of the subscriber terminals 110 a, 110 b and110 c.

According to some embodiments, data communications from the subscriberterminals 110 a, 110 b and 110 c to and/or from destinations within thedata communications network 115 pass through the connection server 120.The connection server 120 monitors communications to/from the subscriberterminals 110 a, 110 b and 110 c and performs certain actions to enhancethe security of communications by the subscriber terminals 110 a, 110 band 110 c, as described in more detail below.

The subscriber terminals 110 a, 110 b and 110 c may establishcommunications with remote servers, such as an application server 140and/or a web server 150, through the data communication network 115. Athird party server 160 is also illustrated in FIG. 1. The third partyserver 160 represents other networked servers with which the subscriberterminals 110 a, 110 b and 110 c do not establish a communication link.The communications between the subscriber terminals 110 a, 110 b and 110c and the remote server 140, 150, may be organized as client/servercommunications and/or as peer-to-peer communications.

Referring now to FIG. 2, a system that may be used to implement theconnection server 120 of FIG. 1, in accordance with some embodiments,comprises input device(s) 202, such as a keyboard or keypad, a display204, and a memory 206 that communicates with a processor 208. The dataprocessing system 200 may further include a data storage system 210, aspeaker 212, and an input/output (I/O) data port(s) 214 that alsocommunicate with the processor 208. The data storage system 210 mayinclude removable and/or fixed media, such as floppy disks, ZIP drives,hard disks, or the like, as well as virtual storage, such as a RAMDISK.The I/O data port(s) 214 may be used to transfer information to/fromanother computer system or a network (e.g., the Internet). Thesecomponents may be conventional components such as those used in manyconventional computing devices, which may be configured to operate asdescribed herein.

FIG. 3 illustrates a processor 208, a memory 206 and a storage system210 that may be used in embodiments of methods, systems, and computerprogram products for enhancing network security in accordance with someembodiments. The processor 208 communicates with the memory 206 via anaddress/data bus 304. The processor 208 may be, for example, acommercially available or custom microprocessor. The memory 206 isrepresentative of the overall hierarchy of memory devices containing thesoftware and data used to discreetly monitor a communications networkfor private and/or sensitive information in accordance with someembodiments. The memory 206 may include, but is not limited to, thefollowing types of devices: cache, ROM, PROM, EPROM, EEPROM, flash,SRAM, and DRAM.

As shown in FIG. 3, the memory 206 may include several categories ofsoftware and data: an operating system 306, and application programs308. The operating system 306 controls the operation of the dataprocessing system. In particular, the operating system 306 may managethe data processing system's resources and may coordinate execution ofprograms by the processor 208. The operating system 306 can include I/Odevice drivers accessed by the application programs 308 to communicatewith devices such as the I/O data port(s) 214 of FIG. 2 and othercomponents of the memory 206. The application programs 308 includeprograms that implement the various features of a data processing systemaccording to embodiments, and may include at least one application whichsupports operations for enhancing the security of network communicationsaccording to some embodiments. Finally, the data stored in the datastorage system 210 represents the static and dynamic data used by theapplication programs 308, the operating system 306, and other softwareprograms that may reside in the memory 206.

As is further seen in FIG. 3, the data storage system 210 may includeone or more databases which contain data used in the operation of theconnection server 120. In particular, the data 312 may include asubscriber information database 314, a cookie database 316, and a serverdatabase 318. The processor 208 communicates with the data storagesystem 210 via an address/data bus 305. The subscriber informationdatabase 314 may include configuration information associated with eachsubscriber of the network service, such as subscriber preference andconfiguration information, subscriber authentication and billinginformation, etc. The cookie database 316 may include cookie informationstored by the connection server 120 on behalf of subscribers. The serverdatabase 318 may include information relative to remote servers that areor may be accessed by subscribers to the network service. Althoughexemplary embodiments are illustrated with reference to multipleseparate databases in FIG. 3, it will be appreciated by those of skillin the art that the subscriber information, the cookie information, andthe server information may be stored within a single database.Furthermore, it will be appreciated that the subscriber information, thecookie information, and the server information may be stored in manydifferent types of storage units, including an online storage, anoffline storage, an electronic memory, such as a RAM, a direct accessstorage device, such as a disk, or any other suitable storage device.

Still referring to FIG. 3, the application programs 308 may include anetwork monitor 320 and a communication proxy 322. The communicationproxy 322 may monitor and maintain sessions between a subscriberterminal 110 a, 110 b, 110 c and a remote server 140, 150. Inparticular, the communication proxy 322 may monitor communicationsto/from the subscriber terminals 110 a, 110 b, 110 c, and may manage thestorage and use of cookies on behalf of the subscriber terminals 110 a,110 b, 110 c, in order to provide enhanced security for the subscriberterminals 110 a, 110 b, 110 c, as discussed below. The network monitor320 may monitor and aggregate information about remote servers 140, 150and use such information to identify potential security threats to thesubscriber terminals 110 a, 110 b, 110 c.

Although FIG. 3 illustrates an exemplary software/data architecture thatmay facilitate enhancing network security for subscribers, it will beunderstood that the present invention is not limited to such aconfiguration but is intended to encompass any configuration capable ofcarrying out the operations described herein. For example, whileexemplary embodiments are described with reference to the networkmonitor 320 and communication proxy 322 as application programs 308,other configurations may also be utilized. For instance, the networkmonitor 320 and communication proxy 322 may also be incorporated intothe operating system 306.

Referring to FIGS. 1-3, a network communication system according to someembodiments includes a first interface 115 a-c configured to establish acommunication path with a subscriber terminal 110 a-c, a secondinterface 125 configured to establish a communication path with anetwork access point 135 that is connected to a data communicationnetwork 115, and a connection server 120 that is configured to assign anetwork address within the data communication network 115 to thesubscriber terminal 110 a-c.

The connection server 120 is configured to receive outgoingcommunications from the subscriber terminal 110 a-c and to transmit theoutgoing communications to the network access point 135, and to receiveincoming communications from the network access point 135 and transmitthe incoming communications to the subscriber terminal 110 a-c to whichsuch communications are addressed using the network address assigned tothe subscriber terminal 110 a-c. The connection server 120 is furtherconfigured to intercept a tracking cookie received from a remote server,such as an application server 140 or a web server 150, in the datacommunications network 115 and intended for the subscriber terminal 110a-c, and to store the tracking cookie in the cookie database 316. Thetracking cookie can then be used to support a communication sessionbetween the subscriber terminal 110 a-c and the remote server 140, 150without the tracking cookie being stored at the subscriber terminal 110a-c.

The tracking cookie is not stored at the subscriber terminal 110 a-c,and thus cannot be used for long-term tracking and identification of theuser. Furthermore, the connection server 120 may be configured to deletethe tracking cookie after a predetermined period of time. For example,the connection server 120 may be configured to delete the trackingcookie after it has been stored for one day, one week, etc. In someembodiments, the connection server 120 may be configured to delete thetracking cookie if the subscriber terminal 110 a-c for which the cookieis stored does not access the server 140, 150 that placed the cookiewithin a predetermined period of time.

By storing the tracking cookie, the cookie can be used to support anongoing connection between the subscriber terminal 110 a-c and theremote server 140, 150. For example, if a user of the subscriberterminal 110 a-c is shopping at a virtual store operated by the server140, 150, the tracking cookie can be used to keep track of login oridentification information provided by the user, to keep track of itemsin the user's cart, or for other purposes. Thus, when the server 140,150 issues a request to the subscriber terminal 110 a-c for the trackingcookie, the connection server 120 intercepts the request from the server140, 150 and provides the cookie to the server 140, 150. However, as thecookie is not stored on the subscriber terminal 110 a-c, the cookiecannot be used for tracking the user's behavior after the session hasended.

The connection server 120 may be configured to reject cookies thatoriginate from servers (“third party servers”) other than the serveroriginally accessed by the subscriber terminal 110 a-c. Such cookies maytherefore not be stored by the connection server 120 or forwarded to thesubscriber terminal 110 a-c.

In some cases, the connection server 120 may be configured to releasethe network address assigned to the subscriber terminal 110 a-c upon theoccurrence of a predetermined event. For example, some NSPs 130 use asystem in which network addresses are “leased” to users for a definedperiod of time. When the lease has expired the network address may bereleased by the NSP 130 and can be re-assigned to a different user. Theconnection server 120 may be configured to delete all tracking cookiesassociated with a particular subscriber terminal 110 a-c in response tothe release of the network address assigned to the subscriber terminal110 a-c.

In some embodiments, the connection server 120 may be configured to savethe tracking cookie in response to the release of the network addressassigned to the subscriber terminal 110 a-c for later use by thesubscriber terminal 110 a-c when a new network address is assigned tothe subscriber terminal 110 a-c. Thus, a subscriber can disconnect fromthe NSP 130 and reconnect at a later time and resume communications witha remote server 140, 150 using a cookie stored by the connection server120.

The connection server 120 may be configured to intercept a request forthe stored tracking cookie from the remote server 140, 150 and toprovide the stored tracking cookie to the remote server 140, 150 inresponse to the request. The remote server 140, 150 can use the trackingcookie to support the ongoing connection with the subscriber terminal110 a-c. In some embodiments, the connection server 120 can insert astored cookie into an outgoing communication from a subscriber terminal110 a-c addressed to a remote server 140, 150 from which the connectionserver 120 has received and stored a cookie on behalf of the subscriberterminal 110 a-c.

Storing cookies at a connection server 120 managed by a subscriber's NSP130 and used by a subscriber terminal 110 a-c to access thecommunications network 115 may have particular benefits for thesubscriber. For example, cookies may be stored at the connection server120 and inserted seamlessly and quickly into outgoing communicationsfrom the subscriber terminal 110 a-c. This also reduces network load onthe communication link 112. Note also that such cookies do not have tobe retrieved from elsewhere in the network 115. In contrast, if thecookies were stored for a user at a cookie server that is accessedthrough the communications network 115, then every communication of thesubscriber terminal to the desired server 140, 150 would have to berouted through the communications network 115 to the cookie server,potentially dramatically slowing down the session and decreasing theusability of the service provided by the server 140, 150.

When a tracking cookie is intercepted by the connection server 120, theconnection server 120 may provide a notice to the subscriber terminal110 a-c of the receipt and storage of the tracking cookie. Theconnection server 120 may then transmit the tracking cookie to thesubscriber terminal 110 a-c upon request. For example, a user maydetermine that it is desirable to store a particular tracking cookielocally at the subscriber terminal 110 a-c so that the cookie can beused to support subsequent communication sessions.

In addition to storing and managing tracking cookies on behalf of asubscriber terminal 110 a-c, the connection server 120 may be furtherconfigured to hide the actual network address of a subscriber terminal110 a-c from a remote server 140, 150. The connection server 120 mayaccomplish this by replacing the network address of the subscriberterminal 110 a-c in the outgoing communication with an alias networkaddress. When a response to the communication is received from theremote server 140, 150, the connection server 120 determines that theresponse is directed to the alias address, and directs the communicationto the subscriber terminal that originated the outgoing communication.

The connection server 120 may further be configured to inspect anoutgoing communication of the subscriber terminal 110 a-c to determinean identity of the remote server 140, 150 to which the outgoingcommunication is addressed and, in response to determining the identityof the remote server 140, 150, to query the subscriber terminal 110 a-cto determine if the connection server 120 should intercept cookies fromthe remote server 140, 150 and/or use an alias address forcommunications with the remote server 140, 150.

Because an NSP 130 provides network access to a large number ofsubscribers, a system according to some embodiments can monitor thecommunications behavior of a large number of subscriber terminals 110a-c, and by observing trends and actions of a large number of subscriberterminals and remote servers 140, 150, can potentially determine that aremote server 140, 150 is associated with malicious use of trackingcookies and/or with identity theft. For example, the NSP 130 can keepstatistics on the number of times third party cookies are received bysubscriber terminals 110 a-c in response to users accessing a particularremote server. In other embodiments, the connection server 120 can beconfigured to always intercept or block cookies from particular sitesthat are known to be associated with malicious use of tracking cookiesand/or identity theft. Information about the behavior of remote serverscan be aggregated and stored in the server database 318 (FIG. 3). Inaddition, network intelligence data accumulated over time andimplemented via standard machine learning techniques may be used tomonitor and track traffic within connection server 120 to selectivelyblock or allow incoming or outgoing traffic, while keeping the trueidentity of the subscriber and/or terminal device hidden fromapplication server 140 or web server 150. For example, a zero-daymalicious attack scheme could be detected in aggregate early enough toprotect the majority of subscriber terminals 110. Keeping subscriberinformation hidden from the remote servers enhances security bypreventing tracking users by these remote servers.

The connection server 120 may be configured to intercept third partycookies originating from servers other than the remote server 140, 150and addressed to the subscriber terminal 110 a-c.

Embodiments may take the form of an entirely hardware embodiment, anentirely software embodiment or an embodiment combining software andhardware aspects. Computer program code for carrying out operations ofsystems described above with respect to FIGS. 1 to 3 may be written in ahigh-level programming language, such as C or C++, for developmentconvenience. In addition, computer program code for carrying outoperations of embodiments may also be written in other programminglanguages, such as, but not limited to, interpreted languages. Somemodules or routines may be written in assembly language or evenmicro-code to enhance performance and/or memory usage. It will befurther appreciated that the functionality of any or all of the programmodules may also be implemented using discrete hardware components, oneor more application specific integrated circuits (ASICs), or aprogrammed digital signal processor or microcontroller.

According to some embodiments, systems, methods and/or computer programproducts may be provided that can automatically and continuously searcha network, such as the Internet, as well as other network-accessibledatabases, for private and/or sensitive information. The searches can beconducted in a manner that may obscure the private and/or sensitiveinformation that is the true target of the searches.

Exemplary operations for enhancing network security in accordance withsome embodiments will now be described with reference to the flowchartsof FIGS. 4 and 5. Referring now to FIGS. 1-4, a subscriber terminal 110connects to the connection server 120 through an interface 115 a-c andrequests a network address (Message 402). The connection server 120 mayauthenticate the subscriber terminal 110 by checking subscriberinformation in the subscriber information database 314, and in responseto authenticating the subscriber terminal 110, assigns a network addressto the subscriber terminal 110 (Message 404).

The subscriber terminal 110 then attempts to access a remote server,such as the web server 150 (Message 406). The access request is receivedby the connection server 120 and forwarded through the datacommunications network 115 to the remote server 150 (Message 408). Theconnection 120 server may replace the network address of the subscriberterminal 110 with an alias address, as discussed above.

In response to receiving the access request, the remote web server 150may attempt to set, or place, a cookie at the subscriber terminal 110(Message 410). The connection server 120 may intercept the cookie andstore the cookie in the cookie database 316 (Block 412). The connectionserver 120 may notify the subscriber terminal 110 that the cookie hasbeen stored, and may inform the subscriber terminal of how long thecookie will be stored by the connection server 120. In some embodiments,the subscriber (or user of a subscriber terminal) may be permitted tospecify how long the cookie will be stored and/or may request that thecookie be forwarded to the subscriber terminal 110.

The web server 150 then provides a response to the subscriber terminal110 (Message 414), which is forwarded by the connection server 120 tothe subscriber terminal 110, with alias address translation, ifnecessary (Message 416). It will be appreciated that the cookie may becontained within the server response 414, in which case the connectionserver 120 may strip the cookie out of the server response and mayreplace the cookie with dummy data before forwarding the response to thesubscriber terminal 110.

At a later point in the session, the subscriber terminal 110 may sendanother access request to the web server 150 (Message 418). Uponreceiving the request, the connection server 120 checks the destinationof the request and determines that it has stored a cookie associatedwith the domain of the remote web server 150. The connection server 120then retrieves the stored cookie from the cookie database 316 andinserts/appends the stored cookie to the request (Block 420). Therequest, including the cookie, is then forwarded by the connectionserver 120 to the remote web server 150, with alias address translationif desired (Message 422). Thus, the remote web server 150 can associatethe request with a previous or existing connection with the subscriberterminal 110.

Further embodiments are illustrated in FIG. 5. As shown therein, thesubscriber terminal 110 may attempts to access a remote server, such asthe web server 150 (Message 506). The access request is received by theconnection server 120 and forwarded through the data communicationsnetwork 115 to the remote web server 150 (Message 508). The connectionserver 120 may replace the network address of the subscriber terminal110 with an alias address, as discussed above.

In response to receiving the access request, the remote web server 150may attempt to set, or place, a cookie at the subscriber terminal 110(Message 510). The connection server 120 may intercept the cookie andstore the cookie in the cookie database 316 (Block 512). A third partyserver 160 may then attempt to set or place a third party cookie at thesubscriber terminal 110 (Message 515). However, because the cookie isnot being placed by the web server 150 that the subscriber terminal 110originally accessed, the connection server 120 may reject the cookie(Block 517).

Although the FIGS. 4 and 5 and the accompanying description refer to theweb server 150 as the remote web server, it should be appreciated thatoperations for enhancing network security in accordance with exemplaryembodiments may be performed using other remote servers, such as theapplication server 140.

As described herein, systems and/or methods of enhancing the securityand/or privacy of network communications for subscribers to a networkservice are provided by a connection server 120 that provides access toa data communications network 115 as well as stores and manages cookieson behalf of a subscriber terminal 110. A subscriber terminal 110 canthereby access a remote server 140, 150 quickly and seamlessly withouthaving a cookie from the server 140, 150 stored at the subscriberterminal 110. Furthermore, the connection server 120 can provide addresstranslation for communications with the remote server 140, 150, furtherenhancing the security and/or privacy of the communication.

Exemplary embodiments may take the form of systems, methods, and/orcomputer program products. Accordingly, exemplary embodiments may beembodied in hardware and/or in software (including firmware, residentsoftware, micro-code, etc.). Furthermore, exemplary embodiments may takethe form of a computer program product on a computer-usable orcomputer-readable storage medium having computer-usable orcomputer-readable program code embodied in the medium for use by or inconnection with an instruction execution system. In the context of thisdocument, a computer-usable or computer-readable storage medium may beany tangible medium that can store the program for use by or inconnection with the instruction execution system, apparatus, or device.

The computer-usable or computer-readable medium may be, for example butnot limited to, an electronic, magnetic, optical, electromagnetic, orsemiconductor system, apparatus, or device. For example, as illustratedin FIG. 6, the computer-readable storage medium may include a randomaccess memory (RAM) 610, a read-only memory (ROM) 612, an erasableprogrammable read-only memory (EPROM or Flash memory) 614, and/or anoptical storage disk 616, such as a CD-ROM, DVD-ROM or DVD-RAM.

Exemplary embodiments are described herein with reference to flowchartand/or block diagram illustrations of methods, systems, and computerprogram products. It will be understood that each block of the flowchartand/or block diagram illustrations, and combinations of blocks in theflowchart and/or block diagram illustrations, may be implemented bycomputer program instructions and/or hardware operations. These computerprogram instructions may be provided to a processor of a general purposecomputer, a special purpose computer, or other programmable dataprocessing apparatus to produce a machine, such that the instructions,which execute via the processor of the computer or other programmabledata processing apparatus, create means for implementing the functionsspecified in the flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computerusable or computer-readable memory that may direct a computer or otherprogrammable data processing apparatus to function in a particularmanner, such that the instructions stored in the computer usable orcomputer-readable memory produce an article of manufacture includinginstructions that implement the function specified in the flowchartand/or block diagram block or blocks.

The computer program instructions may also be loaded onto a computer orother programmable data processing apparatus to cause a series ofoperational steps to be performed on the computer or other programmableapparatus to produce a computer implemented process such that theinstructions that execute on the computer or other programmableapparatus provide steps for implementing the functions specified in theflowchart and/or block diagram block or blocks.

Many variations and modifications can be made to the embodimentsdescribed herein without substantially departing from the principles ofthe present invention. All such variations and modifications areintended to be included herein within the scope of the presentinvention, as set forth in the following claims.

That which is claimed is:
 1. A network communication system, comprising:a processor in communication with a memory with instructions stored insaid memory executed by said processor; a first interface establishing acommunication path with a subscriber terminal; a second interfaceestablishing a communication path with a network access point that isconnected to a data communication network; and a connection serverassigning a network address within the data communication network to thesubscriber terminal; wherein the connection server receives outgoingcommunications from the subscriber terminal and transmits the outgoingcommunications to the network access point and receives incomingcommunications from the network access point and transmits the incomingcommunications to the subscriber terminal; wherein the connection serverfurther intercepts a tracking cookie received from a first remote serverin the data communications network and intended for the subscriberterminal and stores the tracking cookie at the connection server so thatthe tracking cookie can be used to support a communication sessionbetween the subscriber terminal and the first remote server without thetracking cookie being stored at the subscriber terminal; and wherein theconnection server further inspects an outgoing communication of thesubscriber terminal to determine an identity of a second remote serverto which the outgoing communication is addressed and, in response todetermining the identity of the second remote server from the outgoingcommunication of the subscriber terminal, queries the subscriberterminal to determine if the connection server should intercept trackingcookies from the second remote server that have not yet been received bythe connection server.
 2. The network communication system of claim 1,wherein the connection server further deletes the tracking cookie aftera predetermined period of time.
 3. The network communication system ofclaim 1, wherein the connection server further releases the networkaddress assigned to the subscriber terminal upon the occurrence of apredetermined event, and deletes the tracking cookie in response to therelease of the network address assigned to the subscriber terminal. 4.The network communication system of claim 1, wherein the connectionserver further releases the network address assigned to the subscriberterminal upon the occurrence of a predetermined event, and saves thetracking cookie in response to the release of the network addressassigned to the subscriber terminal for later use by the subscriberterminal when a new network address is assigned to the subscriberterminal.
 5. The network communication system of claim 1, wherein theconnection server further intercepts a request for the tracking cookiefrom the first remote server and provides the tracking cookie to thefirst remote server in response to the request.
 6. The networkcommunication system of claim 1, wherein the connection server furtherreplaces the network address of the subscriber terminal in the outgoingcommunication with an alias network address.
 7. The networkcommunication system of claim 1, wherein the connection server furtherdetermines that the second remote server is associated with malicioususe of tracking cookies.
 8. The network communication system of claim 1,wherein the connection server further intercepts and rejects third partycookies originating from servers other than the first remote server andaddressed to the subscriber terminal.
 9. The network communicationsystem of claim 1, wherein the connection server receives an outgoingcommunication from the subscriber terminal, determines that the outgoingcommunication is addressed to the first remote server, inserts thetracking cookie into the outgoing communication, and forwards theoutgoing communication to the first remote server.
 10. A method ofproviding network communication services, comprising: assigning anetwork address within a data communication network to a subscriberterminal; intercepting a tracking cookie received from a first remoteserver in the data communications network and intended for thesubscriber terminal; storing the tracking cookie so that the trackingcookie can be used to support a communication session between thesubscriber terminal and the first remote server without the trackingcookie being stored at the subscriber terminal; and inspecting anoutgoing communication of the subscriber terminal to determine from theoutgoing communication of the subscriber terminal an identity of asecond remote server to which the outgoing communication is addressedand, in response to determining the identity of the second remoteserver, querying the subscriber terminal to determine if trackingcookies from the second remote server that have not yet been receivedshould be intercepted.
 11. The method of claim 10, further comprising:deleting the tracking cookie after a predetermined period of time. 12.The method of claim 10, further comprising: releasing the networkaddress assigned to the subscriber terminal upon the occurrence of apredetermined event; and deleting the tracking cookie in response to therelease of the network address assigned to the subscriber terminal. 13.The method of claim 10, further comprising: releasing the networkaddress assigned to the subscriber terminal upon the occurrence of apredetermined event, and saving the tracking cookie in response to therelease of the network address assigned to the subscriber terminal forlater use by the subscriber terminal when a new network address isassigned to the subscriber terminal.
 14. The method of claim 10, furthercomprising: intercepting a request for the stored tracking cookie fromthe first remote server; and providing the stored tracking cookie to thefirst remote server in response to the request.
 15. The method of claim10, further comprising: receiving a second outgoing communication fromthe subscriber terminal; determining that the outgoing communication isaddressed to the first remote server; inserting the tracking cookie intothe outgoing communication; and forwarding the outgoing communication tothe first remote server.
 16. A computer program product for providingnetwork communication services, the computer program product comprising:a non-transitory computer readable storage medium having computerreadable program code embodied in the medium, the computer readableprogram code when executed by a processor causes the processor toperform a method comprising: assigning a network address within a datacommunication network to the subscriber terminal; intercepting atracking cookie received from a first remote server in the datacommunications network and intended for the subscriber terminal; storingthe tracking cookie so that the tracking cookie can be used to support acommunication session between the subscriber terminal and the firstremote server without the tracking cookie being stored at the subscriberterminal; providing a notice to the subscriber terminal of the receiptand storage of the tracking cookie; and inspecting an outgoingcommunication of the subscriber terminal to determine from the outgoingcommunication of the subscriber terminal an identity of a second remoteserver to which the outgoing communication is addressed and, in responseto determining the identity of the second remote server, to query thesubscriber terminal to determine if tracking cookies from the secondremote server that have not yet been received should be intercepted. 17.The computer program product of claim 16, the method further comprising:intercepting a request for the stored tracking cookie from the firstremote server; providing the stored tracking cookie to the first remoteserver in response to the request.
 18. The computer program product ofclaim 16, the method further comprising: receiving a second outgoingcommunication from the subscriber terminal; determining that the secondoutgoing communication is addressed to the first remote server;inserting the tracking cookie into the outgoing communication; andforwarding the outgoing communication to the first remote server.